Grant Type: Refresh Token

This page walks through how to refresh your access_token using the refresh token grant type.

As a Go1 access token is valid for only 12 hours, the refresh token is used to 'refresh' an expired (or soon to expire) access token. To refresh the token, exchange a valid refresh token for a new access token by making a 'refresh token' request to the token endpoint of the Go1 authorization server.

Note - Refresh tokens are one-time use only and have an expiry of 90 days. You will get a new refresh_token with each refresh.

Example request

First, send your credentials (client ID and client secret) and a valid refresh_token via a POST request to https://auth.go1.com/oauth/token, setting the grant type to refresh_token.

An example request might look like this:

curl --location --request POST 'https://auth.go1.com/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'client_id=<CLIENT_ID>' \
--data-urlencode 'client_secret=<CLIENT_SECRET>' \
--data-urlencode 'refresh_token=<REFRESH_TOKEN>'

The server will reply with a new set of access and refresh tokens and the expiration time of the access token (12 hours). Note - the refresh token has an expiry of 90 days.

{ 
	"token_type": "Bearer", 
	"expires_in": 43200, 
	"access_token": "OAUTH_TOKEN", 
	"refresh_token": "OAUTH_REFRESH_TOKEN"
}

Access Token Usage

Once an access token has been provided, an application can use it to access the user's account. This access is limited to the scope provided and will only be available until the token expires or is removed.

An example of an API request using curl might look like this. Note that the access token is included:

curl -X POST -H "Authorization: Bearer <ACCESS_TOKEN>" "https://api.go1.com/v2/ENDPOINT"

Provided the access token remains valid, the request will be processed according to API specifications. If the access token expires or is removed, an 'Invalid token' error will be presented.
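
The refresh flow described above, as an added example (not Go1's own code): because each refresh token is single-use, a client has to serialize refreshes and store the replacement refresh token as soon as the reply arrives. `TokenManager`, `post_form`, the `on_rotate` callback and the 300-second `skew` are hypothetical names and values chosen for illustration; the endpoint and field names are the ones shown on this page.

```python
import json, threading, time, urllib.parse, urllib.request

TOKEN_URL = "https://auth.go1.com/oauth/token"  # token endpoint from this page

def post_form(url, fields):
    """Default transport: form-encoded POST, returns the decoded JSON body."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenManager:
    """Hypothetical helper: hands out a valid access token, rotating the refresh token."""

    def __init__(self, client_id, client_secret, refresh_token,
                 transport=post_form, clock=time.time, skew=300, on_rotate=None):
        self._cid, self._secret = client_id, client_secret
        self._refresh = refresh_token
        self._transport, self._clock, self._skew = transport, clock, skew
        # on_rotate is where the caller persists the new refresh token (assumption).
        self._on_rotate = on_rotate or (lambda rt: None)
        self._access, self._expires_at = None, 0.0
        # One refresh at a time: two concurrent refreshes would reuse a single-use token.
        self._lock = threading.Lock()

    def access_token(self):
        """Return the cached access token, refreshing it shortly before it expires."""
        with self._lock:
            if self._access is None or self._clock() >= self._expires_at - self._skew:
                self._refresh_locked()
            return self._access

    def _refresh_locked(self):
        reply = self._transport(TOKEN_URL, {
            "grant_type": "refresh_token",
            "client_id": self._cid,
            "client_secret": self._secret,
            "refresh_token": self._refresh,
        })
        # Store the replacement refresh token first: the old one is now spent.
        self._refresh = reply["refresh_token"]
        self._on_rotate(self._refresh)
        self._access = reply["access_token"]
        self._expires_at = self._clock() + int(reply["expires_in"])
```

Pass an `on_rotate` callback that writes to your secret store, so a restart does not fall back to a refresh token that has already been used.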